The medical internet of things is coming. That was the common recognition of participants at a two-day public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” co-sponsored by the Food and Drug Administration (FDA), Department of Health and Human Services (HHS), and the Department of Homeland Security (DHS). The workshop comes during a busy month for medical device cybersecurity, with the FDA issuing final guidance earlier this month and DHS indicating that it is reviewing dozens of potential cybersecurity vulnerabilities in medical devices. Continue Reading
As commercial use of unmanned aircraft systems (UAS) begins to take flight, the Hogan Lovells Privacy and Information Management practice has partnered with colleagues across the firm to respond to the needs of manufacturers and operators of UAS. The launch of the group comes at a time when government activity to regulate UAS is creating both new opportunities and risks in the marketplace. Continue Reading
The Consumer Financial Protection Bureau (CFPB) has finalized a proposed rule that will eliminate the need for certain financial institutions to mail annual privacy notices to their customers, so long as the institutions publish their privacy notices online and engage only in limited sharing of customer information. Continue Reading
On Tuesday, October 28, Natalia Gulyaeva of Hogan Lovells’ Moscow office and Bret Cohen of our Washington, D.C. office will host a complimentary webinar outlining implications for businesses of the new Russian data localization law. The law, which may come into effect as early as January 2015, requires that data “operators” – organizations that process personal data of Russian citizens, including providers of Internet-based services – store the personal data of Russian citizens on databases located in the country. Continue Reading
The Conference of the German Federal and State Data Protection Authorities during its last meeting on 8 and 9 October adopted the resolution “Data Protection in the Car”. The resolution expresses a concern about what it describes as privacy risks involved in the growing collection and processing of personal data in cars, and the interests of various actors (car manufacturers, service providers, insurance companies, employers) in using those data. Continue Reading
Corporate boards and senior management are more focused than ever before on cyber incident prevention and preparedness. Recently thecorporatecounsel.net, an influential resource for corporate governance lawyers, addressed this topic in a program titled “Cybersecurity: Working the Calm Before the Storm,” describing what the board and senior management can do to prepare for the inevitable cybersecurity breach. The program featured Hogan Lovells Partner Harriet Pearson.
To read the transcript, click here.
To listen to “Cybersecurity: Working the Calm Before the Storm” (subscription required), click here.
<p align="leftFrom 13 to 16 October 2014, privacy regulators and data protection authorities from around the world will be gathering together with experts in the field – including our London-based partner Eduardo Ustaran – to discuss, debate and hopefully agree on how to address the toughest privacy challenges of our time. The 36th International Conference of Data Protection and Privacy Commissioners is entitled “A World Order for Data Protection – Our Dream Coming True?” This year’s conference is taking place in Mauritius, a clear sign of the truly global nature of this issue. Continue Reading
The Federal Trade Commission (FTC) recently submitted comments to the Federal Communications Commission (FCC) in which it reminded broadband Internet service providers that they are subject to several data privacy and security laws enforced by the FTC. The FTC’s comments underscore why broadband providers – as well as their vendors and business partners – must keep a close watch on both FCC and FTC developments in the privacy and security space.
Government officials emphasized the importance of risk analysis and risk management in safeguarding PHI at the Seventh Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 23–24, 2014, and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The following themes emerged during the conference: Continue Reading
The 2009 HITECH Act mandated that the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) conduct periodic audits of covered entities and business associates for compliance with HIPAA privacy and security requirements. In 2012, OCR conducted a pilot audit program involving 115 covered entities. In February 2014, the agency issued a notice in the Federal Register announcing its plan to survey up to 1,200 covered entities and business associates to select organizations for the next round of HIPAA audits. Continue Reading